Impact

A remote attacker could entice a user to open a specially crafted Bash
script, possibly resulting in execution of arbitrary code with the
privileges of the process, or a Denial of Service condition of the Bash
executable.

A local attacker may be able to perform symlink attacks to overwrite
arbitrary files with the privileges of the user running the application
or bypass shell access restrictions.